Cyber Crime

Pierluigi Paganini April 08, 2014
Symantec on a fake voting campaign used to steal Facebook credentials

Security experts at Symantec observed a new phishing campaign based on a fake voting application used to steal victim’s credentials. Phishing is a very dangerous threat for Internet users, nearby classic techniques new forms of phishing are exploiting new platforms like mobile and social networks. Phishers continuously improve their techniques to be able to harvest […]

Pierluigi Paganini April 07, 2014
New Zeus trojan variant digitally signed in the wild

Security researchers at Comodo have detected a new Zeus trojan variant enhanced with digital signature of its source code to avoid detection. The security community is once again menaced by Zeus banking trojan, a new variant of the malicious  ZeuS Trojan has been identified by researchers at Comodo AV labs. This instance presents an interesting feature, it is […]

Pierluigi Paganini April 06, 2014
German authorities discovered 18 Million stolen Email accounts

German authorities have discovered 18 Million Email Passwords, this is probably the biggest Data Theft in the history of the country. German authorities have confirmed that nearly 18 million email accounts were stolen and compromised by hackers, it is the greatest theft occurred in the country in the history. The news was published by the Der Spiegel journal […]

Pierluigi Paganini April 05, 2014
Persistent XSS in Top Website enables large-Scale DDoS attack

Incapsula firm discovered the exploitation of a persistent XSS vulnerability in one of the world most popular website to run a large scale DDoS attack. Recently Cloud-based security service provider Incapsula detected an application layer DDoS attack conducted hijacking a huge volume of traffic to victims website. The website of Incapsula customer was flooded by a DDoS attack, over […]

Pierluigi Paganini April 03, 2014
F-Secure has discovered MiniDuke malware samples in the wild

Security Experts at F-Secure discovered a collection of pdf documents, that had references to Ukraine, containing MiniDuke malware samples. MiniDuke is the name of a sophisticated cyber espionage campaign discovered more than one year ago by experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security (CrySyS). The malicious code was used by unknown hackers to […]

Pierluigi Paganini March 29, 2014
Reading the Global Threat Intelligence Report (GTIR)

The Global Threat Intelligence Report (GTIR) addresses the security challenges of organizations globally analyzing 3 billion worldwide attacks occurred in 2013. The NTT Innovation Institute has released the new Global Threat Intelligence Report (GTIR), a document structured to raise awareness of the rapidly evolving global threat landscape. The GTIR was based on threat intelligence and attack data from […]

Pierluigi Paganini March 28, 2014
Netcraft stats on the increasing abuse for WordPress installations

More than 12,000 phishing sites analyzed by Netcraft are hosted on compromised WordPress installations, the websites were used also to serve malicious code. Netcraft internet services company published a statistic which shows that nearly 12,000 WordPress instances were compromised in February, the attackers used the popular CMS to conduct phishing campaigns against targeted family of users, […]

Pierluigi Paganini March 27, 2014
Gameover ZeuS is Targeting recruitment websites

Security experts at F-Secure have detected a new variant of Gameover ZeuS financial Trojan which is targeting recruitment websites. Zeus Trojan is probably one of the most prolific and long-lived malware, security firms have discovered in the last years numerous variant even more sophisticated. After the public release of it source code, principal security firms have […]

Pierluigi Paganini March 27, 2014
FireEye uncovered APTs exploiting interest on Malaysian Flight MH370

Security experts at FireEye uncovered a cyber espionage campaign based on multiple MH370 themed spear phishing emails. Security researchers at FireEye have revealed a link between a recent spear phishing campaign on Malaysian Airlines flight MH370 and the attacks conducted by some advanced persistent threat (APT) attackers. The mysterious skyjacking of the Boeing 777-200 aircraft of Malaysian Airlines, flight MH370, is considered one of the events […]

Pierluigi Paganini March 26, 2014
Evolution of the offer in the underground market

RAND nonprofit and Juniper Networks firm published an interesting research on the evolution of the offer in the underground market. The cybercriminal underground is a prolific market able to provide any kind of tools and services for illicit ecosystem, one of the most requested articles is the exploits to compromise Internet users’ machines. Russian-language forums are […]